RHSA-2023:7626HighCVSS 8.1

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update

Published
December 7, 2023
Last Modified
June 30, 2026

🔗 CVE IDs covered (13)

📋 Description

CVE-2023-0464 — openssl: Denial of service by excessive resource usage in verifying X509 policy constraints CVE-2023-0465 — openssl: Invalid certificate policies in leaf certificates are silently ignored CVE-2023-0466 — openssl: Certificate policy check not enabled CVE-2023-2650 — openssl: Possible DoS translating ASN.1 object identifiers CVE-2023-3446 — openssl: Excessive time spent checking DH keys and parameters CVE-2023-3817 — OpenSSL: Excessive time spent checking DH q parameter value CVE-2023-38039 — curl: out of heap memory issue due to missing limit on header quantity CVE-2023-38545 — curl: heap based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38546 — curl: cookie injection with none file CVE-2023-39615 — libxml2: crafted xml can cause global buffer overflow CVE-2023-41081 — httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure CVE-2023-45802 — mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) CVE-2023-45853 — zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6

🔗 References (16)